Description
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allow remote authenticated users to execute arbitrary Java code via (1) an MVFLEX Expression Language (MVEL) expression or (2) a Drools expression.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2014-0372.html
http://secunia.com/advisories/57716
http://secunia.com/advisories/57719
http://rhn.redhat.com/errata/RHSA-2014-0371.html
Related Vulnerabilities
CVE-2023-30846 Vulnerability in npm package typed-rest-client
CVE-2023-49446 Vulnerability in maven package com.jfinal:jfinal
CVE-2014-2067 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-11272 Vulnerability in maven package org.springframework.security:spring-security-core
CVE-2021-21606 Vulnerability in maven package org.jenkins-ci.main:jenkins-core